Logsurfer configuration
Hello
Im trying to configure Logsurfer and im a bit confused of the context thingy. I start logsurfer with the following command:
logsurfer -c conf /var/log/auth.log
And it tells me:
[HTML]
unknown default action: rule before "sshd\\[$2\\]:" - - - 0 exec "/bin/echo $0"
unknown default action: rule before "sshd\\[$2\\]:" - - - 0 exec "/bin/echo $0"
unknown default action: rule before "sshd\\[$2\\]:" - - - 0 exec "/bin/echo $0"
[/HTML]
And my conf file says:
[HTML]
"CRON" - - - 0 ignore
'sshd\[([0-9]*)\]: Illegal' - - - 0
open "sshd\\[$2\\]:" - 5000 1800 600 rule before "sshd\\[$2\\]:" - - - 0 exec "/bin/echo $0"
".*" - - - 0 ignore
[/HTML]
Isnt the context default action syntax right? I guess not.. The thing im trying to do is get all messages printed from each context.
Ill appreciate any help very much.
|